Actively monitored security email alias for our project: security@giantswarm.io

1. Be an actively maintained and CNCF certified distribution of Kubernetes components.
Yes, we have active AWS, Azure, and on-prem distributions.
Sample AWS conformance report: cncf/k8s-conformance#1052

2. Have a user base not limited to your own organization.
Yes, some public customers are listed on our website

3. Have a publicly verifiable track record up to present day of fixing security issues.
We announce changes in our release notes. Two examples with security fixes: 1, 2.

4. Not be a downstream or rebuild of another distribution.
We are our own platform

5. Be a participant and active contributor in the community.
Some public events are listed on our website.
Some individual contributors and PRs from our organization:
https://github.com/njuettner
https://github.com/webwurst
kubernetes/kops#8780
kubernetes-sigs/cluster-api-provider-azure#978
kubernetes/kube-state-metrics#1238

6. Accept the Embargo Policy.
We accept

7. Be willing to contribute back.
Happily

8. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.
Kinvolk has kindly agreed to vouch for us

Hi folks, just a nudge -- any way we can help here?